ID

VAR-200702-0361


CVE

CVE-2007-0900


TITLE

PHP remote file inclusion vulnerability in TagIt! Tagboard

Trust: 0.8

sources: JVNDB: JVNDB-2007-005094

DESCRIPTION

Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249. TagIt! Tagboard contains a PHP remote file inclusion vulnerability when register_globals is enabled. This vulnerability is different from CVE-2006-5249. A third party may execute arbitrary PHP code via a URL in the affected parameters. TagIt! Tagboard 2.1.B Build 2 and earlier versions are vulnerable. TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Trust: 2.43

sources: NVD: CVE-2007-0900 // JVNDB: JVNDB-2007-005094 // CNVD: CNVD-2007-0966 // BID: 22518

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2007-0966

AFFECTED PRODUCTS

vendor: tagit, model: tagboard, scope: lte, version: 2.1.b_build_2

Trust: 1.0

vendor: tagit, model: tagboard, scope: lte, version: 2.1.b build 2

Trust: 0.8

vendor: none, model: -, scope: -, version: -

Trust: 0.6

vendor: tagit, model: tagboard, scope: eq, version: 2.1.b_build_2

Trust: 0.6

vendor: tagit, model: tagit2b 2.1.b build, scope: eq, version: 2

Trust: 0.3

sources: CNVD: CNVD-2007-0966 // BID: 22518 // JVNDB: JVNDB-2007-005094 // CNNVD: CNNVD-200702-264 // NVD: CVE-2007-0900

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0900
value: HIGH

Trust: 1.0

NVD: CVE-2007-0900
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200702-264
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2007-0900
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2007-005094 // CNNVD: CNNVD-200702-264 // NVD: CVE-2007-0900

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0900

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200702-264

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200702-264

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-005094

PATCH

title: Tagit2b Download, url: http://www.securityfocus.com/bid/20451/references

Trust: 0.8

sources: JVNDB: JVNDB-2007-005094

EXTERNAL IDS

db: NVD, id: CVE-2007-0900

Trust: 2.7

db: BID, id: 22518

Trust: 2.5

db: VUPEN, id: ADV-2007-0557

Trust: 1.6

db: OSVDB, id: 34607

Trust: 1.6

db: OSVDB, id: 34603

Trust: 1.6

db: OSVDB, id: 34611

Trust: 1.6

db: OSVDB, id: 34606

Trust: 1.6

db: OSVDB, id: 34609

Trust: 1.6

db: OSVDB, id: 34612

Trust: 1.6

db: OSVDB, id: 34613

Trust: 1.6

db: OSVDB, id: 34617

Trust: 1.6

db: OSVDB, id: 34616

Trust: 1.6

db: OSVDB, id: 34605

Trust: 1.6

db: OSVDB, id: 34604

Trust: 1.6

db: OSVDB, id: 34615

Trust: 1.6

db: OSVDB, id: 34608

Trust: 1.6

db: OSVDB, id: 34614

Trust: 1.6

db: OSVDB, id: 34618

Trust: 1.6

db: OSVDB, id: 34610

Trust: 1.6

db: JVNDB, id: JVNDB-2007-005094

Trust: 0.8

db: CNCVE, id: CNCVE-20070900

Trust: 0.6

db: CNVD, id: CNVD-2007-0966

Trust: 0.6

db: XF, id: 32436

Trust: 0.6

db: CNNVD, id: CNNVD-200702-264

Trust: 0.6

sources: CNVD: CNVD-2007-0966 // BID: 22518 // JVNDB: JVNDB-2007-005094 // CNNVD: CNNVD-200702-264 // NVD: CVE-2007-0900

REFERENCES

url:http://www.securityfocus.com/bid/22518

Trust: 2.2

url:http://advisories.echo.or.id/adv/adv65-k-159-2007.txt

Trust: 1.6

url:http://www.osvdb.org/34618

Trust: 1.6

url:http://www.osvdb.org/34617

Trust: 1.6

url:http://www.osvdb.org/34616

Trust: 1.6

url:http://www.osvdb.org/34615

Trust: 1.6

url:http://www.osvdb.org/34614

Trust: 1.6

url:http://www.osvdb.org/34613

Trust: 1.6

url:http://www.osvdb.org/34612

Trust: 1.6

url:http://www.osvdb.org/34611

Trust: 1.6

url:http://www.osvdb.org/34610

Trust: 1.6

url:http://www.osvdb.org/34609

Trust: 1.6

url:http://www.osvdb.org/34608

Trust: 1.6

url:http://www.osvdb.org/34607

Trust: 1.6

url:http://www.osvdb.org/34606

Trust: 1.6

url:http://www.osvdb.org/34605

Trust: 1.6

url:http://www.osvdb.org/34604

Trust: 1.6

url:http://www.osvdb.org/34603

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/32436

Trust: 1.0

url:http://www.vupen.com/english/advisories/2007/0557

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0900

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0900

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2007/0557

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/32436

Trust: 0.6

url:http://www.deadlysin3.net/tagit2b/

Trust: 0.3

sources: CNVD: CNVD-2007-0966 // BID: 22518 // JVNDB: JVNDB-2007-005094 // CNNVD: CNNVD-200702-264 // NVD: CVE-2007-0900

CREDITS

K-159 is credited with the discovery of these vulnerabilities.

Trust: 0.9

sources: BID: 22518 // CNNVD: CNNVD-200702-264

SOURCES

db: CNVD, id: CNVD-2007-0966
db: BID, id: 22518
db: JVNDB, id: JVNDB-2007-005094
db: CNNVD, id: CNNVD-200702-264
db: NVD, id: CVE-2007-0900

LAST UPDATE DATE

2025-04-10T23:19:14.159000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2007-0966, date: 2007-02-12T00:00:00
db: BID, id: 22518, date: 2015-05-12T19:34:00
db: JVNDB, id: JVNDB-2007-005094, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200702-264, date: 2007-02-13T00:00:00
db: NVD, id: CVE-2007-0900, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2007-0966, date: 2007-02-12T00:00:00
db: BID, id: 22518, date: 2007-02-12T00:00:00
db: JVNDB, id: JVNDB-2007-005094, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200702-264, date: 2007-02-13T00:00:00
db: NVD, id: CVE-2007-0900, date: 2007-02-13T20:28:00